This is a hypothetical, yet very technically precise question I'm trying to ask all the compiler/static analysis programmers.
I'm trying to understand the extent of prohibitive features I would need ...

I'll use FlawFinder in this example. FlawFinder is a static code "analyser" tool that examines C/C++ source files and outputs warnings/hits if a vulnerability was identified. The way it does this is ...

I've inherited some Java code which I suspect harbours some concurrency bugs when synchronizing between a thread that queries data and an IO event that updates the same data. I'm trialling a static ...

After reading this description of the infamous Heartbleed bug, and how the OpenSSL team is relatively small and lightly funded, I'm wondering: would this bug have been uncovered by Coverity, Valgrind ...

I use the Java language to develop an Android application; after static analysis, the tool warns about high efferent coupling.
What is the reason for this warning? Is it about AComModel which is extended by ...

How likely is it for a bug that can be discovered by a static analysis tool (namely FindBugs) in test classes to mask a real bug in the actual code? Is this a realistic scenario?
Is it really worth the ...

I am trying to create a PoC for a static code analysis tool supporting an object-oriented and a procedural language (C and Java, for example). Even after quite a bit of internet search I am still not ...

I've looked around for a solution (preferably not hosted, something I can run locally) to do static analysis of a codebase over time for things like SLOC, Complexity, authors, commits, etc. It has to ...

I program CLI utilities in bash to automate much of my work as a DBA.
I would like to improve my code and make it more robust, maybe with the help of some static code analysis tool like the one I used ...

The first answer to an old, recently active question linked to a video which talks about how Google repository is done.
One interesting thing which was mentioned is the fact that everything is built ...

Part of the QA steps required for a project I am tangentially involved with require the person who is responsible to integrate new version of source file to first calculate how many lines have been ...

Basically I ran IntelliJ IDEA's plug-in called FindBugs-Idea to analyze my code. I corrected whatever error was caught and then ran the tool again but it was still complaining about the same error ...

I'm looking for something akin to FxCop, but for databases. Basically, I want to have a tool where I configure my database standards (naming conventions, field types, or more complex custom rules). ...

For several years now I have been a big fan of using static code analysis tools for checking the source code quality. We are mostly doing C# development so NDepend was the best way to go for me. Most of the ...

Currently for school we are working on a research project. The central question of this project is: Which architectural patterns can be detected using static code analysis? With architectural pattern ...

We have a large "legacy" C++ code base on which no static analysis is run at the moment.
Every now and then, we are thinking about at least using cppcheck, maybe via Visual Lint. (I've also briefly ...